Although Blackhole has been investigated and dissected multiple times, there are still some surprises that emerge. One thing we just discovered is an exploit for CVE-2011-0559, which is one of the two Flash exploits being used by Blackhole currently.

Compared to other exploits, this one has been used by Blackhole for quite some time and yet… the coverage using different security products is very low.

With very low antivirus coverage, no Metasploit module, and PoCs being extremely difficult to find, this increases the chances of exploitation. Blackhole targets to exploit Adobe Flash 10.0 and earlier versions, 10.1, and 10.0.x (where x is later than 40). The vulnerability has been patched since March 2011. Detection has been added to F-Secure Anti-Virus as Exploit:W32/CVE-2011-0559.A.